[Bug sanitizer/97696] New: ICE since ASAN_MARK does not handle poly_int sized varibales

["matmal01 at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97696

            Bug ID: 97696
           Summary: ICE since ASAN_MARK does not handle poly_int sized
                    varibales
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Keywords: ice-checking
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: matmal01 at gcc dot gnu.org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
  Target Milestone: ---
            Target: aarch64

asan_expand_mark_ifn asserts that the length to check is a SHWI.
(i.e. it uses `gcc_assert (tree_fits_shwi_p (len))` ).

It attempts to ensure this by avoiding VLA's in `gimplify_decl_expr`.
poly_int sized decls were added, and they were not treated as VLA's since
commit 22b62991 (SVN r275870).

Since then, poly_int sized variables can have ASAN_MARK called on them, which
means the `len` parameter of ASAN_MARK can be a poly_int causing an ICE in
asan_expand_mark_ifn  (n.b. in order to emit an ASAN_CHECK on a poly_int sized
variable so that the ASAN_MARK is not removed in the sanopt pass we need to
pass the poly_int sized variable to a builtin memory function).


An example  (modified from gcc/testsuite/c-c++-common/asan/pr80308.c):



(v3) work-lin:gcc [Tue 12:25:10] % cat ~/asan-ice.c
#include <arm_sve.h>

__attribute__((noinline, noclone)) int
foo (char *a)
{
  int i, j = 0;
  asm volatile ("" : "+r" (a) : : "memory");
  for (i = 0; i < 12; i++)
    j += a[i];
  return j;
}

int
main ()
{
  int i, j = 0;
  for (i = 0; i < 4; i++)
    {
      char a[12];
      __SVInt8_t freq;
      __builtin_bcmp (&freq, a, 10);
      __builtin_memset (a, 0, sizeof (a));
      j += foo (a);
    }
  return j;
}


(v3) work-lin:gcc [Tue 12:31:53] %
/installdir/aarch64-none-linux-gnu/bin/aarch64-none-linux-gnu-gcc
-march=armv8.6-a+sve -fsanitize=address -fsanitize-address-use-after-scope
~/asan-ice.c -S  -o /dev/null
during GIMPLE pass: sanopt
/home/matmal01/asan-ice.c: In function ‘main’:
/home/matmal01/asan-ice.c:14:1: internal compiler error: in
asan_expand_mark_ifn, at asan.c:3235
   14 | main ()
      | ^~~~
0xdde454 asan_expand_mark_ifn(gimple_stmt_iterator*)
        /builddir/src/gcc/gcc/asan.c:3235
0xdf6b7a execute
        /builddir/src/gcc/gcc/sanopt.c:1341
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.